Module Question 7
1. Explain the “Shared Responsibility Model.” What is the cloud provider responsible for, and what is the business (customer) responsible for?
| Answer :
The Shared Responsibility Model is a security framework where the cloud provider (like Google Cloud or AWS) and the customer divide security duties. The Provider is responsible for “Security of the Cloud,” which includes protecting the global infrastructure, physical data centers, and the hardware/software that runs the cloud services. The Customer (the business) is responsible for “Security in the Cloud.” This includes securing their own data, managing user access (IAM), configuring firewalls, and ensuring that their applications are patched and updated. Failing to understand this boundary is a leading cause of data breaches. |
2. What is a cloud misconfiguration, and can you provide an example (e.g., a public S3 bucket)?
| Answer :
A Cloud Misconfiguration occurs when security settings are incorrectly set or left at default, leaving the cloud resources vulnerable to the public internet. A classic example is a Public S3 Bucket (storage). If a developer accidentally sets the permissions of a storage bucket to “Public Read,” anyone with the URL can access and download sensitive files, such as customer databases or financial records—without needing a password. Misconfigurations are often not “hacks” in the traditional sense, but rather “open doors” caused by human error during the setup process. |
3. Why are Identity and Access Management (IAM) policies so critical in a cloud environment
| Answer :
Identity and Access Management (IAM) policies are critical because they act as the “digital keys” to a business’s cloud resources. In a cloud environment, resources are accessed via the internet, making traditional physical boundaries irrelevant. IAM allows a business to follow the “Principle of Least Privilege,” ensuring that each employee or application only has the exact permissions they need to perform their job, and nothing more. This prevents a “lateral movement” attack; if one user’s account is compromised, the attacker is restricted to only that user’s limited permissions, protecting the rest of the company’s sensitive data. |
Status: 100%
Keterangan: Sudah mengerjakan tugas dengan baik dan benar.
